P-red2: (0.01) (potato) Localización de problemas en una red eth0 (II): paquetes de samba tcpdump -n -s 128 # -n = no convertir IP en nombres # -f = no convertir IP externas (Internet) en nombres # -s 128 = examinar los primeros 128 bytes (por defecto 68), esto es necesario para investigar el tráfico DNS # -i lo = escuchar en el interface "lo" en lugar de en el "eth0" SAMBA ------ Win al encender 07:33:17.361568 arp who-has 192.168.0.2 tell 192.168.0.2 07:33:17.990778 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x00 (Workstation) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:17.991675 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=GRUPO_DE_TRABAJO NameType=0x00 (Workstation) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:17.991808 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x03 (Client?) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:18.745431 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x00 (Workstation) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:18.745603 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x03 (Client?) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:18.745843 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=GRUPO_DE_TRABAJO NameType=0x00 (Workstation) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:18.884990 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x20 (Server) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:19.500627 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=GRUPO_DE_TRABAJO NameType=0x00 (Workstation) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:19.500808 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x03 (Client?) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:19.501040 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x00 (Workstation) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:19.637854 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x20 (Server) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:20.255754 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x00 (Workstation) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:20.255931 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x03 (Client?) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:20.256163 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=GRUPO_DE_TRABAJO NameType=0x00 (Workstation) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:20.393045 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x20 (Server) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:21.148240 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x20 (Server) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:21.903583 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=GRUPO_DE_TRABAJO NameType=0x1E (Browser Server) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:22.658536 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=GRUPO_DE_TRABAJO NameType=0x1E (Browser Server) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:23.413715 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=GRUPO_DE_TRABAJO NameType=0x1E (Browser Server) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:24.168873 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST ... Name=GRUPO_DE_TRABAJO NameType=0x1E (Browser Server) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 07:33:25.926744 192.168.0.2.138 > 192.168.0.255.138: >>> NBT UDP PACKET(138) Res=0x1102 ID=0x6 IP=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) Port=138 (0x8a) Length=189 (0xbd) Res2=0x0 SourceName=CLIENTE NameType=0x00 (Workstation) DestName=GRUPO_DE_TRABAJO NameType=0x1D (Master Browser) SMB PACKET: SMBtrans (REQUEST) ------ Win al apagar 23:22:07.196191 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x03 (Client?) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 23:22:07.330905 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x20 (Server) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 23:22:07.342563 192.168.0.2.138 > 192.168.0.255.138: >>> NBT UDP PACKET(138) Res=0x1102 ID=0x1D IP=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) Port=138 (0x8a) Length=189 (0xbd) Res2=0x0 SourceName=CLIENTE NameType=0x00 (Workstation) DestName=GRUPO_DE_TRABAJO NameType=0x1D (Master Browser) SMB PACKET: SMBtrans (REQUEST) 23:22:07.358962 192.168.0.2.138 > 192.168.0.255.138: >>> NBT UDP PACKET(138) Res=0x1102 ID=0x1E IP=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) Port=138 (0x8a) Length=189 (0xbd) Res2=0x0 SourceName=CLIENTE NameType=0x00 (Workstation) DestName=GRUPO_DE_TRABAJO NameType=0x1D (Master Browser) SMB PACKET: SMBtrans (REQUEST) 23:22:07.359427 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST ... Name=CLIENTE NameType=0x00 (Workstation) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 23:22:07.359559 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST ... Name=GRUPO_DE_TRABAJO NameType=0x00 (Workstation) ... Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) 23:22:07.360016 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST ... Name=GRUPO_DE_TRABAJO NameType=0x1E (Browser Server) Address=192 (0xc0).168 (0xa8).0 (0x0).2 (0x2) ------ Al hacer desde un Win "net view \\host" 22:50:09.475166 192.168.0.2.137 > 192.168.0.255.137: >>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST ... Name=SAMBA NameType=0x20 (Server) ... 22:50:09.475750 arp who-has 192.168.0.2 tell 192.168.0.1 22:50:09.476330 arp reply 192.168.0.2 is-at 0:80:ad:20:d4:9b 22:50:09.476414 192.168.0.1.137 > 192.168.0.2.137: >>> NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST ... Name=SAMBA NameType=0x20 (Server) ... Address=192 (0xc0).168 (0xa8).0 (0x0).1 (0x1) 22:50:09.477134 192.168.0.2.1027 > 192.168.0.1.139: S 1672227:1672227(0) win 8192 (DF) 22:50:09.477864 192.168.0.1.139 > 192.168.0.2.1027: S 333694261:333694261(0) ack 1672228 win 16060 (DF) 22:50:09.478482 192.168.0.2.1027 > 192.168.0.1.139: . ack 1 win 8760 (DF) 22:50:09.478679 192.168.0.2.1027 > 192.168.0.1.139: P 1:73(72) ack 1 win 8760 >>> NBT Packet NBT Session Request Flags=0x81000044 Destination=SAMBA NameType=0x20 (Server) Source=CLIENTE NameType=0x00 (Workstation) 22:50:09.478927 192.168.0.1.139 > 192.168.0.2.1027: . ack 73 win 16060 (DF) 22:50:09.611640 192.168.0.1.139 > 192.168.0.2.1027: P 1:5(4) ack 73 win 16060 >>> NBT Packet NBT Session Granted 22:50:09.612704 192.168.0.2.1027 > 192.168.0.1.139: P 73:231(158) ack 5 win 8756 >>> NBT Packet NBT Session Packet ... SMB PACKET: SMBnegprot (REQUEST) 22:50:09.621176 192.168.0.1.139 > 192.168.0.2.1027: P 5:94(89) ack 231 win 15902 >>> NBT Packet NBT Session Packet ... SMB PACKET: SMBnegprot (REPLY) 22:50:09.622928 192.168.0.2.1027 > 192.168.0.1.139: P 231:386(155) ack 94 win 8667 >>> NBT Packet NBT Session Packet ... SMB PACKET: SMBsesssetupX (REQUEST) 22:50:09.638055 192.168.0.1.139 > 192.168.0.2.1027: . ack 386 win 15747 (DF) [tos 0x10] 22:50:09.701904 192.168.0.1.139 > 192.168.0.2.1027: P 94:183(89) ack 386 win 15747 >>> NBT Packet NBT Session Packet ... SMB PACKET: SMBsesssetupX (REPLY) 22:50:09.703046 192.168.0.2.1027 > 192.168.0.1.139: P 386:485(99) ack 183 win 8578 >>> NBT Packet NBT Session Packet ... SMB PACKET: SMBtrans (REQUEST) 22:50:09.706890 192.168.0.1.139 > 192.168.0.2.1027: P 183:478(295) ack 485 win 15648 >>> NBT Packet NBT Session Packet ... SMB PACKET: SMBtrans (REPLY) 22:50:09.816004 192.168.0.2.1027 > 192.168.0.1.139: . ack 478 win 8283 (DF) 22:50:11.274312 192.168.0.2.1027 > 192.168.0.1.139: P 485:524(39) ack 478 win 8283 >>> NBT Packet NBT Session Packet ... SMB PACKET: SMBtdis (REQUEST) 22:50:11.286014 192.168.0.1.139 > 192.168.0.2.1027: P 478:517(39) ack 524 win 15609 >>> NBT Packet NBT Session Packet ... SMB PACKET: SMBtdis (REPLY) 22:50:11.286801 192.168.0.2.1027 > 192.168.0.1.139: F 524:524(0) ack 517 win 8244 (DF) 22:50:11.286952 192.168.0.1.139 > 192.168.0.2.1027: . ack 525 win 15608 (DF) [tos 0x10] 22:50:11.291261 192.168.0.1.139 > 192.168.0.2.1027: F 517:517(0) ack 525 win 15608 (DF) [tos 0x10] 22:50:11.291853 192.168.0.2.1027 > 192.168.0.1.139: . ack 518 win 8244 (DF)